﻿<?php

//密码，账号 应从数据库或配置文件中获取
$style=dowith_sql($_POST['style']);
$func=dowith_sql($_POST['func']);
$partner=dowith_sql($_POST['partner']);
$datetime=dowith_sql($_POST['datetime']); 
$string=iconv('utf-8','utf-8', dowith_sql($_POST['content']));
$string=str_replace(array("\r\n", "\r", "\n"), "", $string);
$content=base64_encode(trim ($string));
$pwd=dowith_sql($_POST['pwd']);

$verify=md5($partner.$datetime.$content.$pwd);


 $PostData = array(
           "style" => $style,   
           "func" => $func,
           "partner" =>$partner,
           "datetime" => $datetime,
           "content" => $content,
           "verify" => $verify,
        );
$url="http://partner.zto.cn/client/interface.php"; 

$param= $PostData;

      //post方式发送
       $oCurl = curl_init();
        if (stripos($url, "https://") !== FALSE) {
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYPEER, FALSE);
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYHOST, false);
        }
        $strPOST = http_build_query($param);

        curl_setopt($oCurl, CURLOPT_URL, $url);      
        curl_setopt($oCurl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($oCurl, CURLOPT_POST, true);
    

    curl_setopt($oCurl, CURLOPT_POSTFIELDS, $strPOST);
       
    curl_setopt($oCurl, CURLOPT_RETURNTRANSFER, true);
       
     $sContent = curl_exec($oCurl);
     
     $aStatus = curl_getinfo($oCurl);
     curl_close($oCurl);
  //更多详情，参照 http://testpartner.zto.cn/
$array=array('content' =>  $content,'result' =>  $sContent, 'verify' => $verify,'status'=> 'OK');

exit(json_encode($array));


function dowith_sql($str)
{
   $str = str_replace("and","",$str);
   $str = str_replace("execute","",$str);
   $str = str_replace("update","",$str);
   $str = str_replace("count","",$str);
   $str = str_replace("chr","",$str);
   $str = str_replace("mid","",$str);
   $str = str_replace("master","",$str);
   $str = str_replace("truncate","",$str);
   $str = str_replace("char","",$str);
   $str = str_replace("declare","",$str);
   $str = str_replace("select","",$str);
   $str = str_replace("create","",$str);
   $str = str_replace("delete","",$str);
   $str = str_replace("insert","",$str);
   $str = str_replace("'","",$str);
   $str = str_replace("=","",$str);


   return $str;
}







